Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs Seeker comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

HCL AppScan
Average Rating
7.8
Reviews Sentiment
6.1
Number of Reviews
43
Ranking in other categories
Application Security Tools (15th), Static Application Security Testing (SAST) (15th), Dynamic Application Security Testing (DAST) (1st)
Seeker
Average Rating
7.0
Reviews Sentiment
7.3
Number of Reviews
1
Ranking in other categories
Internet Security (18th), Mobile Threat Defense (14th), API Security (21st)
 

Mindshare comparison

HCL AppScan and Seeker aren’t in the same category and serve different purposes. HCL AppScan is designed for Application Security Tools and holds a mindshare of 2.7%, up 2.7% compared to last year.
Seeker, on the other hand, focuses on Internet Security, holds 0.1% mindshare.
Application Security Tools
Internet Security
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…
San K - PeerSpot reviewer
More effective than dynamic scanners, but is missing useful learning capabilities
One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need. The purposes for which applications are designed may differ in practice in the industry, and because of this, there will always be tools that sometimes report false positives. Thus, there should be some means with which I can customize the way that Seeker learns about our applications, possibly by using some kind of AI / ML capability within the tool that will automatically reduce the number of false positives that we get as we use the tool over time. Obviously, when we first start using the scanning tool there will be false positives, but as it keeps going and as I keep using the tool, there should be a period of time where either the application can learn how to ignore false positives, or I can customize it do so. Adding this type of functionality would definitely prevent future issues when it comes to reporting false positives, and this is a key area that we have already asked the vendor to improve on, in general. On a different note, there is one feature that isn't completely available right now where you can integrate Seeker with an open-source vulnerability scanner or composition analysis tool such as Black Duck. I would very much like this capability to be available to us out-of-the-box, so that we can easily integrate with tools like Black Duck in such a way that any open source components that are used in the front-end are easily identified. I think this would be a huge plus for Seeker. Another feature within Seeker which could benefit from improvement is active verification, which lets you actively verify a vulnerability. This feature currently doesn't work in certain applications, particularly in scenarios where you have requested tokens. When we bought the tool, we didn't realize this and we were not told about it by the vendor, so initially it was a big challenge for us to overcome it and properly begin our deployment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"I like the recording feature."
"We leverage it as a quality check against code."
"You can easily find particular features and functions through the UI."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."
 

Cons

"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"There are so many lines of code with so many different categories that I am likely to get lost. ​"
"The penetration testing feature should be included."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"They have to improve support."
"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."
 

Pricing and Cost Advice

"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"The solution is cheap."
"HCL AppScan is expensive."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The product has premium pricing and could be more competitive."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"The licensing for Seeker is user-based and for 50 users I believe it costs about $70,000 per year."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,803 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
14%
Government
11%
Manufacturing Company
10%
Financial Services Firm
19%
Government
15%
Computer Software Company
13%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
Ask a question
Earn 20 points
 

Comparisons

 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
No data available
 

Overview

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
El Al Airlines and Société Française du Radiotelephone
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: June 2025.
861,803 professionals have used our research since 2012.